Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.7] Bug 1949348: not allow healthcheck traffic to loop through the node #2526

Merged
merged 1 commit into from
May 26, 2021
Merged

[release-4.7] Bug 1949348: not allow healthcheck traffic to loop through the node #2526

merged 1 commit into from
May 26, 2021
+15 −0

Commits on Apr 14, 2021

  1. don't forward GCP health checkers traffic 

    The way that Openshift configures the VIPs differs from GCP, and
instead uses DNAT with conntrack.

The GCP health checkers poll the VMs with LB backends to know its
status. This traffic is wrongly DNATed sometimes, and it
create stale entries in conntrack that cause network interruptions.

The healthcheck traffic can never be forwarded inside the VM, so
we just drop it, allowing only it when is directed to the host.

Signed-off-by: Antonio Ojea <aojea@redhat.com>
    Antonio Ojea authored and openshift-cherrypick-robot committed Apr 14, 2021
    Configuration menu
    Copy the full SHA
    eb43d46 View commit details
    Browse the repository at this point in the history